fix(crypt): symmetric crypt compatibility

[fufesou]

Retain the local permanent and SOCKS passwords if unchanged.

Testing

Switching between 1.4.6 and the current version does not alter the local permanent or SOCKS passwords unless manually changed.

Notes

Changes to the local permanent password, RDP password, OS username, or OS password only affect the control/local side.

Compatibility for this does not need to be over-engineered.

Summary by CodeRabbit

• Improvements
  • Configuration saves now preserve existing encrypted credentials when the provided plaintext is unchanged, preventing unnecessary re-encryption.
  • Applies to both SOCKS5 and permanent password storage, reducing work during saves while maintaining security and existing ciphertext where appropriate.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 44744643-4b79-47f5-bf4e-dc42aa569cf7

📥 Commits

Reviewing files that changed from the base of the PR and between 1463228 and 82ce6e7.

📒 Files selected for processing (1)

• src/config.rs

🚧 Files skipped from review as they are similar to previous changes (1)

• src/config.rs

---

📝 Walkthrough

Walkthrough

Both Config2::store() and Config::store() now conditionally preserve existing encrypted password ciphertexts: when the caller’s plaintext matches the stored plaintext, the stored ciphertext is kept; otherwise the field is re-encoded.

Changes

Encrypted Password Preservation

Layer / File(s)	Summary
Preserve SOCKS5 and permanent passwords in Config store operations src/config.rs	Config2::store() loads stored Config2 to extract socks.password ciphertext and applies keep_encrypted_storage_if_plaintext_unchanged. Config::store() loads stored Config and applies the same preservation logic to password instead of unconditionally re-encrypting.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• rustdesk/hbb_common#545: Similar preservation pattern applied to unlock_pin/enc_id fields using keep_encrypted_storage_if_plaintext_unchanged.
• rustdesk/hbb_common#540: Related changes to permanent-password persistence and re-encoding behavior in src/config.rs.
• rustdesk/hbb_common#507: Related edits around Config::store() permanent-password handling and storage format migration.

Suggested reviewers

• rustdesk

Poem

🐰 I peeked inside the config store today,
A ciphertext snug where plaintext used to play.
If the secret's the same, don't spin the wheel,
Keep the bytes untouched — that's the clever deal.
A little rabbit nods, and hops away with glee.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title refers to a real aspect of the change (symmetric crypt compatibility when passwords are unchanged), directly related to the main objective of preserving stored encrypted passwords.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

src/config.rs (1)

724-732: 💤 Low value

Redundant assignment when passwords are equal.

When stored.password == config.password evaluates to true, the subsequent assignment config.password = stored.password is a no-op since both strings are already equal. Consider simplifying to only call the helper when values differ:

♻️ Suggested simplification

         let stored = Config::load_::<Config>("");
-        if stored.password == config.password {
-            config.password = stored.password;
-        } else {
+        if stored.password != config.password {
             config.password = keep_encrypted_storage_if_plaintext_unchanged(
                 &config.password,
                 &stored.password,
             );
         }

Note: The equality check correctly handles the legacy plaintext case where neither value is encrypted, so the overall logic is sound.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/config.rs` around lines 724 - 732, The branch assigns stored.password to
config.password even when they're equal, which is redundant; update the logic in
the block that loads Config::load_::<Config>("") so that you only call
keep_encrypted_storage_if_plaintext_unchanged(&config.password,
&stored.password) and assign its result to config.password when stored.password
!= config.password, otherwise leave config.password untouched (i.e., remove the
no-op assignment of stored.password when values are equal).

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@src/config.rs`:
- Around line 724-732: The branch assigns stored.password to config.password
even when they're equal, which is redundant; update the logic in the block that
loads Config::load_::<Config>("") so that you only call
keep_encrypted_storage_if_plaintext_unchanged(&config.password,
&stored.password) and assign its result to config.password when stored.password
!= config.password, otherwise leave config.password untouched (i.e., remove the
no-op assignment of stored.password when values are equal).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 1f26f7b0-aec9-4a08-8fd2-fa2fcc826198

📥 Commits

Reviewing files that changed from the base of the PR and between 4d8af61 and 1463228.

📒 Files selected for processing (1)

• src/config.rs